improve admin invite (#5403)

* check for admin invite * refactor the invitation logic * cleanup check for undefined token * prevent wrong user from accepting invitation
2026-01-16 20:50:33 +00:00 · 2025-01-20 20:21:44 +01:00
parent 29f2b433f0
commit ef2695de0c
5 changed files with 77 additions and 96 deletions
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@@ -99,6 +99,7 @@ const DT_FMT: &str = "%Y-%m-%d %H:%M:%S %Z";
 const BASE_TEMPLATE: &str = "admin/base";

 const ACTING_ADMIN_USER: &str = "vaultwarden-admin-00000-000000000000";
+pub const FAKE_ADMIN_UUID: &str = "00000000-0000-0000-0000-000000000000";

 fn admin_path() -> String {
    format!("{}{}", CONFIG.domain_path(), ADMIN_PATH)
@@ -299,7 +300,9 @@ async fn invite_user(data: Json<InviteData>, _token: AdminToken, mut conn: DbCon

    async fn _generate_invite(user: &User, conn: &mut DbConn) -> EmptyResult {
        if CONFIG.mail_enabled() {
-            mail::send_invite(user, None, None, &CONFIG.invitation_org_name(), None).await
+            let org_id: OrganizationId = FAKE_ADMIN_UUID.to_string().into();
+            let member_id: MembershipId = FAKE_ADMIN_UUID.to_string().into();
+            mail::send_invite(user, org_id, member_id, &CONFIG.invitation_org_name(), None).await
        } else {
            let invitation = Invitation::new(&user.email);
            invitation.save(conn).await
@@ -475,7 +478,9 @@ async fn resend_user_invite(user_id: UserId, _token: AdminToken, mut conn: DbCon
        }

        if CONFIG.mail_enabled() {
-            mail::send_invite(&user, None, None, &CONFIG.invitation_org_name(), None).await
+            let org_id: OrganizationId = FAKE_ADMIN_UUID.to_string().into();
+            let member_id: MembershipId = FAKE_ADMIN_UUID.to_string().into();
+            mail::send_invite(&user, org_id, member_id, &CONFIG.invitation_org_name(), None).await
        } else {
            Ok(())
        }